An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

In a major update to its Windows 11 operating system this week, Microsoft has integrated Passkeys alongside Windows Hello, its biometric authentication tool. Passkeys creates a unique credential that allows users to authenticate with their face, fingerprint, or a PIN in a more secure process than the traditional password. Microsoft’s passkeys will be available on…

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….

A type of memory corruption bugs, use-after-free issues occur when a program does not clear the pointer after freeing memory allocation. These flaws could lead to arbitrary code execution, data corruption, or denial of service. Use-after-free vulnerabilities may also be combined with other security flaws, leading to complete system compromise. The exploitation of use-after-free issues…

Tracked as CVE-2022-2587 (CVSS score of 9.8) and described as an out-of-bounds write, the vulnerability was addressed with the release of a patch in June. The issue was identified in the CRAS (ChromiumOS Audio Server) component, and could be triggered using malformed metadata associated with songs. CRAS resides between the operating system and ALSA (Advanced…

Ciphertex Data Security is introducing its new SecureNAS CX-160KHD-X model, which holds a 320TB, and its new CX-Linux ZFS operating system. These products provide a new level of safety, security, and portability for vital healthcare information, which is increasingly under attack by hackers desiring to capture and sell this valuable data or to hold it…

The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…